作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2008, Vol. 34 ›› Issue (5): 145-147. doi: 10.3969/j.issn.1000-3428.2008.05.050

• 安全技术 • 上一篇    下一篇

边界网关协议的攻击分析与安全防范

蔡昭权   

  1. (惠州学院网络中心,惠州 516015)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-03-05 发布日期:2008-03-05

Attacks Analysis and Security Precaution of Border Gateway Protocol

CAI Zhao-quan   

  1. (Network Center, Huizhou University, Huizhou 516015)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-03-05 Published:2008-03-05

摘要: 分析边界网关协议(BGP)当前版本中存在的漏洞和脆弱性,指出可能遭受的基于TCP及自身漏洞的攻击。提出BGP的安全威胁模型和防范策略,以及如何对协议功能进行扩展的措施。以CISCO路由器为例,给出典型的安全防范配置。实践证明,通过访问控制列表、数字签名、路由过滤、源地址检测和协议扩展方案,可以有效提高网络的安全性和稳定性。

关键词: 路由协议, 漏洞, 攻击, 防范, 安全, 边界网关协议

Abstract: By analyzing the loopholes and weakness in the current version of Border Gateway Protocol(BGP) and noting the potential attacks based on TCP, this paper gives the BGP security threat model and the corresponding preventive strategy, and explains how to extend the functions of the protocol. As an example, a typical security precaution setup of the CISCO routing is illustrated. Practice proves that, network security and stability can be effectively improved through access control lists, digital signature, routing filtering, source address detection and protocol extended function.

Key words: routing protocol, loopholes, attack, precaution, security, Border Gateway Protocol(BGP)

中图分类号: